SECURITY: GitHub +3,800 repos breached!

Image from BleepingComputer¹

Bleeping Computer reported 20 May 2026 that GitHub confirmed that about 3,800 repositories were breached caused by one of its employees installing a malicious VS Code extension with a trojan. The malicious extension has been removed from the VS Code marketplace and GitHub secured the compromised device.¹

Bleeping Computer reported 21 May 2026 the malicious extension is a version of Nx Console (TanStack npm supply-chain attack).³ If you are using VSCode, consider checking if you have the extension and take necessary action to contain and mitigate the issue.

The alleged hacker group, TeamPCP, is asking $50,000 for the stolen data. No confirmed information links the group to the breach.

VSCode is a popular, electron based, free and open source code editor. The functionality can be extended by installing plugins.²

VERSIONS

2026v.0.1.1: 22May26: Added name of compromised VSCode Extension, reference, and additional labels.

2026v.0.1.0

REFERENCES

1. BleepingComputer GitHub confirms breach of 3,800 repos via malicious VSCode extension ↩ ↩²

2. VSCode is a free and open source code editor based on Electron. Electron is a web technology that enables developers to ship native apps to target operating systems. The underlying technology for building the native apps is Chromium, the free and open source version of Chrome. ↩

3. BleepingComputer GitHub links repo breach to TanStack npm supply-chain attack ↩ ↩³